CVE-2019-10650 — Out-of-bounds Read in Imagemagick
Severity
8.1HIGHNVD
EPSS
0.5%
top 34.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 30
Latest updateSep 4
Description
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2
Affected Packages3 packages
Also affects: Debian Linux 9.0
Patches
🔴Vulnerability Details
2📋Vendor Advisories
4💬Community
4Bugzilla▶
CVE-2019-10650 GraphicsMagick: ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file [fedora-all]↗2019-04-18
Bugzilla▶
CVE-2019-10650 GraphicsMagick: ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file [epel-all]↗2019-04-18
Bugzilla▶
CVE-2019-10650 ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file [fedora-all]↗2019-04-18
Bugzilla▶
CVE-2019-10650 ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file↗2019-04-17